Sorebrect case subject – fileless ransomware

This variant arrives as a text file whose name tricks users into opening it; it is either downloaded from malicious websites or installed by other malware. It injects malicious code into the Service Host process (svchost.exe) to avoid antivirus detection and application control. The encryption itself runs from the svchost.exe process and skips some of the Windows system folders. The ransomware also searches for common anti-malware software and attempts to stop the associated services.
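Because the encryption runs inside svchost.exe and skips system folders, a burst of user-file rewrites attributed to that process is a usable detection signal. The following Python is an added example, not code from the original page and not TEMASOFT Ranstop's algorithm; the event format, the excluded folders, the window and the threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from ntpath import normcase  # Windows path rules on any platform

# Assumed exclusions: the page only says "some of the Windows system folders".
SYSTEM_PREFIXES = tuple(normcase(p) for p in ("C:\\Windows\\", "C:\\Program Files\\"))

def is_user_data(path):
    """True when the path lies outside the assumed system folders."""
    return not normcase(path).startswith(SYSTEM_PREFIXES)

def detect_mass_rewrite(events, window=5.0, threshold=4):
    """Return {(pid, image): first_alert_time} for processes that write to
    at least `threshold` distinct user-data files within `window` seconds."""
    recent = defaultdict(deque)  # (pid, image) -> deque of (time, path)
    alerts = {}
    for ts, pid, image, op, path in sorted(events):
        if op != "write" or not is_user_data(path):
            continue
        key = (pid, image.lower())
        q = recent[key]
        q.append((ts, normcase(path)))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if key not in alerts and len({p for _, p in q}) >= threshold:
            alerts[key] = ts
    return alerts

# Constructed sample telemetry: (seconds, pid, image, operation, path)
SAMPLE_EVENTS = [
    (0.0, 812, "svchost.exe", "write", r"C:\Windows\Temp\svc.log"),
    (1.0, 4120, "winword.exe", "write", r"C:\Users\ana\Documents\report.docx"),
    (9.0, 812, "svchost.exe", "write", r"C:\Users\ana\Documents\report.docx"),
    (9.4, 812, "svchost.exe", "write", r"C:\Users\ana\Documents\budget.xlsx"),
    (9.9, 812, "svchost.exe", "write", r"C:\Users\ana\Pictures\trip.jpg"),
    (10.3, 812, "svchost.exe", "write", r"C:\Users\ana\Desktop\notes.txt"),
    (40.0, 4120, "winword.exe", "write", r"C:\Users\ana\Documents\report.docx"),
]

if __name__ == "__main__":
    for (pid, image), ts in detect_mass_rewrite(SAMPLE_EVENTS).items():
        print(f"ALERT t={ts}s pid={pid} image={image}: burst of user-file rewrites")
```

The write under `C:\Windows\Temp` is ignored and the two spaced-out `winword.exe` saves stay below the threshold, so only the svchost.exe burst raises an alert.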

Sorebrect case facts

This variant starts encrypting files several seconds after compromising the Service Host process. TEMASOFT Ranstop detects the ransomware in a few seconds and alerts the user. Next, the clean-up and recovery processes begin.

Sorebrect case conclusion

TEMASOFT Ranstop is anti-ransomware software that detects present and future ransomware with a high degree of accuracy, based on file access pattern analysis. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.


These types of ransomware usually elude antivirus detection, especially the zero-day variants, simply because they use legitimate processes into which they inject malicious code via seemingly appropriate techniques. Use antivirus in conjunction with anti-ransomware technology for best protection.